A relatively new phishing kit has been spotted that uses embedded JavaScript to build more legitimate-looking sites and fool even more users. The kit, named LogoKit, is designed to be completely modular, allowing easy reuse and adaptation by cybercriminals. LogoKit stands out from other phishing kits by exploiting multiple files and complex layouts to make its landing pages appear more genuine. It also enables the use of embedded JavaScript functions, whereas the pages of earlier phishing kits are generally purely static.
This phishing kit was first brought to light by RiskIQ, a threat intelligence firm. According to RiskIQ, adoption of the kit has skyrocketed in the past month, with over 700 domains, 300 of which appeared in the last week alone. According to the report, LogoKit targets users of renowned domains, predominantly OneDrive, Microsoft, and SharePoint. The kit is designed to interact with the Document Object Model (DOM), in the presentation layer (layer 6 of the 7-layer OSI model). This interaction with the DOM allows the script to change the visible content of the site, as well as the HTML form data, with no user interaction.
LogoKit’s simple, versatile, yet effective strategy of using a legitimate website’s resources and elements to build its pages makes the phishing site even harder to detect, according to RiskIQ. The kit is flexible, and it may mimic auto-filled information in the username or email fields to trick users into believing they have logged into the site previously. It is also believed that the attackers can inject scripts into HTML and JavaScript that use resources from legitimate storage buckets, which makes the kit even more interesting for threat intelligence firms. Cybercriminals can host their script to steal any third-party services or even credentials while hiding one or several malicious scripts, all while appearing to be an authentic website.
The threat intelligence firms added that, like previous phishing kits, LogoKit relies on sending users phishing emails with links to their email addresses. Once the recipient navigates to the URL, the kit quickly copies the company logo and other resources from the authentic site’s resource buckets, and mimics third-party services from the existing site. Once the victim enters their password, LogoKit performs an AJAX request that stores the victim’s password and email address, or login, and then redirects them to the authentic website. LogoKit’s modularity and features allow an attacker to target any company with very little manual customization, which enables them to launch hundreds of attacks a week against companies.
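The flow described above can be turned into a triage check over sandbox observations of a page visit. The following JavaScript is an added example, not code from RiskIQ or from this article's sources; the record fields, indicator names, thresholds and `.example` hosts are constructed assumptions.

```javascript
// Constructed sandbox observation of one page visit; all field names are hypothetical.
const sampleVisit = {
  pageUrl: "https://files-portal.example.net/login",
  resources: ["https://static.brand.example/logo.png", "https://files-portal.example.net/app.js"],
  emailFieldPrefilled: true, // a value was present before any keystroke
  requestsAfterSubmit: [
    { method: "POST", url: "https://collector.example.org/save", bodyHasPassword: true },
  ],
  finalUrl: "https://login.brand.example/",
};

// Registrable domain approximated as the last two host labels (assumption;
// a Public Suffix List lookup is needed for hosts such as *.co.uk).
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Returns the indicators from the described flow that this visit matches.
function logoKitIndicators(visit, brandSites) {
  const isBrand = (u) => brandSites.includes(site(u));
  // Only off-brand pages that pull the brand's own assets are of interest.
  if (isBrand(visit.pageUrl) || !visit.resources.some((r) => isBrand(r))) return [];
  const hits = ["brand-assets-on-foreign-host"];
  if (visit.emailFieldPrefilled) hits.push("prefilled-identity");
  // Background request carrying the password to a host the brand does not own.
  const leak = visit.requestsAfterSubmit.some((q) => q.bodyHasPassword && !isBrand(q.url));
  if (leak) hits.push("password-sent-off-brand");
  // Victim is handed to the real site only after the credentials are gone.
  if (leak && isBrand(visit.finalUrl)) hits.push("redirect-to-real-site-after-capture");
  return hits;
}

// The capture-then-redirect pattern is treated as decisive; two or more
// weaker indicators go to an analyst.
function verdict(visit, brandSites) {
  const hits = logoKitIndicators(visit, brandSites);
  if (hits.includes("redirect-to-real-site-after-capture")) return "block";
  return hits.length >= 2 ? "review" : "allow";
}

console.log(logoKitIndicators(sampleVisit, ["brand.example"]), verdict(sampleVisit, ["brand.example"]));
```

A page that only embeds a brand logo scores one indicator and is allowed, which keeps partner and "sign in with" pages from being flagged on that signal alone.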
Phishing has been, and will continue to be, a lucrative method for cybercriminals. According to the Verizon Data Breach Report, attackers used phishing methods in 22% of successful breaches. LogoKit is not the only phishing kit out there to utilize JavaScript to mimic web sites. Last October, Akamai reported numerous phishing attacks that utilized JavaScript to fool users into divulging credentials and personal information.
To avoid falling prey to such attacks, companies should focus on increasing cyber security awareness and training employees to recognize such phishing tactics. Both employees and employers should verify communications regarding their official account with the IT department.